[Samba] issue joining domain and now logging in

Diego Franchini diego.tartol at gmail.com
Sat Oct 15 21:02:40 UTC 2022


This is to add some more information and fix some other...

I get the OS for my Pi here:
https://www.armbian.com/orange-pi-zero/#kernels-archive-all

And I use the *Sid Server* version, as it's the only one that supports
Samba 4.16.5 out of the box.

And in my previous email, the last commands to check if everything is
working are actually these:

:~# host -t SRV _ldap._tcp.example.com
:~# host -t SRV _kerberos._udp.example.com
:~# host -t A SMBDC1.example.com
:~# sudo kinit Administrator

Hope it's useful info

On Sat 15 Oct 2022 at 22:15, Diego Franchini <
diego.tartol at gmail.com> wrote:

> Yes, the resolv.conf is as follows:
>
>
> search fritz.box
> nameserver 172.27.1.4
>
> Doing a fresh install of samba with 4.15.9 works, and a fresh install on
> 4.16.5, following the same procedure, doesn't.
>
> this is what I do:
>
> :~# sudo apt-get update && sudo apt-get upgrade
> :~# nano /etc/hosts
> :~# nano /etc/hostname    #to change name of device
> :~# nano /etc/dhcpcd.conf
> :~# apt-get install samba krb5-config krb5-user winbind smbclient samba-dsdb-modules samba-vfs-modules
>
> the hosts file:
>
> 127.0.0.1   localhost
> #127.0.1.1   SMBDC1
> ::1         localhost SMBDC1 ip6-localhost ip6-loopback
> fe00::0     ip6-localnet
> ff00::0     ip6-mcastprefix
> ff02::1     ip6-allnodes
> ff02::2     ip6-allrouters
> 172.27.1.4  SMBDC1.example.com SMBDC1
>
> the dhcpcd.conf file:
>
> interface eth0
> static ip_address=172.27.1.4/24
> static routers=172.27.0.1
> static domain_name_servers=172.27.1.4
> static domain_search=example.com
>
> then I do the following
>
>
> :~# reboot now
> :~# rm /etc/samba/smb.conf
> :~# rm /etc/krb5.conf
> :~# rm /var/run/samba/*.tdb
> :~# rm /var/run/samba/*.ldb
> :~# rm /var/lib/samba/*.tdb
> :~# rm /var/lib/samba/*.ldb
> :~# rm /var/cache/samba/*.tdb
> :~# rm /var/cache/samba/*.ldb
> :~# rm /var/lib/samba/private/*.tdb
> :~# rm /var/lib/samba/private/*.ldb
> :~# samba-tool domain provision --use-rfc2307 --interactive
>
> and follow the guided setup, inputting the same data in 4.15.9 and 4.16.5.
>
> Then I execute these commands
>
> :~# nano /etc/samba/smb.conf
> :~# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
> :~# systemctl disable --now smbd nmbd winbind systemd-resolved
> :~# systemctl unmask samba-ad-dc.service
> :~# systemctl enable --now samba-ad-dc.service
> :~# samba-tool domain level show
> :~# reboot now
>
> the smb.conf file:
>
> # Global parameters
> [global]
>         dns forwarder = 172.27.1.2
>         netbios name = SMBDC1
>         realm = EXAMPLE.COM
>         server role = active directory domain controller
>         workgroup = EXAMPLE
>         idmap_ldb:use rfc2307 = yes
>         host msdfs = yes
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/lib/samba/sysvol/frankini.net/scripts
>         read only = No
>
> the krb5.conf file:
>
> [libdefaults]
>         default_realm = EXAMPLE.COM
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> [realms]
> FRANKINI.NET = {
>         default_domain = example.net
> }
>
> [domain_realm]
>         SMBDC1 = EXAMPLE.COM
>
> when the PI reboots I set from my router the DNS server to be the same IP
> as the Samba's and then do these tests:
>
> :~# host -t SRV _ldap._tcp.gander.bag
> :~# host -t SRV _kerberos._udp.gander.bag
> :~# host -t A Pi4DC.gander.bag
> :~# sudo kinit Administrator
>
> If none of these commands result in errors, then it's configured correctly
> and fully working.
>
> But perhaps you can spot something fishy in these configurations...
>
> On Sat 15 Oct 2022 at 20:11, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>>
>>
>> On 15/10/2022 18:57, Diego Franchini wrote:
>> > On Samba Version 4.16.5-Debian (OS: Armbian 22.08.4 - Linux
>> > 5.19.14-sunxi), I cannot make this command work:
>> >
>> > root@SMBDC1:~# kinit Administrator
>> > kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
>> >
>> > with Samba Version 4.15.9-Ubuntu it works perfectly using the same
>> > setup... Should I change some config files to adapt them to the new
>> > version perhaps?
>> >
>>
>> I wouldn't think so, it works for me on Raspberry pi OS 64bit using
>> 4.16.5 from backports:
>>
>> adminuser@rpidc1:~ $ sudo kinit Administrator
>> Password for Administrator@SAMDOM.EXAMPLE.COM:
>> adminuser@rpidc1:~ $ sudo klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator@SAMDOM.EXAMPLE.COM
>>
>> Valid starting       Expires              Service principal
>> 10/15/2022 19:00:01  10/16/2022 05:00:01  krbtgt/SAMDOM.EXAMPLE.COM@SAMDOM.EXAMPLE.COM
>>         renew until 10/16/2022 18:59:43
>>
>> Is the first nameserver in /etc/resolv.conf the DC's ipaddress (and not
>> 127.0.0.1) ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
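
The configuration points raised in this thread (first nameserver in /etc/resolv.conf, how the DC's host name is mapped in /etc/hosts, and the realm in krb5.conf versus smb.conf), collected into one pre-flight check. This is an added shell example, not part of the original messages; the function names and sample files are constructed, and the rule that a DC's host name must not map to a loopback address comes from the Samba AD DC setup documentation rather than from the thread.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Samba AD DC before trying kinit.
# Function names and the sample files are constructed for illustration.

# First "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeeds if NAME ($2) sits on a loopback line of hosts file $1.
# Comments are stripped first; names are compared case-insensitively.
name_on_loopback() {
    awk -v n="$2" '
        { sub(/#.*/, "") }
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1
        }
        END { exit !found }' "$1"
}

# Value of the first "KEY = value" line in FILE ($1), whitespace trimmed.
conf_value() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# Check the files under DIR ($1) for DC address $2 and short host name $3.
# Prints one line per finding; the return status is the number of findings.
preflight() {
    dir=$1; dc_ip=$2; host=$3; fails=0
    ns=$(first_nameserver "$dir/resolv.conf")
    [ "$ns" = "$dc_ip" ] || { echo "resolv.conf: first nameserver '$ns' is not $dc_ip"; fails=$((fails + 1)); }
    if name_on_loopback "$dir/hosts" "$host"; then
        echo "hosts: $host is mapped to a loopback address"; fails=$((fails + 1))
    fi
    kr=$(conf_value "$dir/krb5.conf" default_realm)
    sr=$(conf_value "$dir/smb.conf" realm)
    [ "$kr" = "$sr" ] || { echo "realm: krb5.conf '$kr' differs from smb.conf '$sr'"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files, modelled on the ones quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' 'search fritz.box' 'nameserver 172.27.1.4' > "$demo/resolv.conf"
printf '%s\n' '127.0.0.1 localhost' '#127.0.1.1 SMBDC1' '::1 localhost SMBDC1 ip6-localhost' '172.27.1.4 SMBDC1.example.com SMBDC1' > "$demo/hosts"
printf '%s\n' '[libdefaults]' '        default_realm = EXAMPLE.COM' > "$demo/krb5.conf"
printf '%s\n' '[global]' '        realm = EXAMPLE.COM' > "$demo/smb.conf"
preflight "$demo" 172.27.1.4 SMBDC1 || echo "$? finding(s)"
```

To run it against a live system, copy /etc/resolv.conf, /etc/hosts, /etc/krb5.conf and /etc/samba/smb.conf (as hosts and smb.conf) into one directory and pass that directory to preflight.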

